I was wondering why I wasn't seeing this as I also run Samba 4.7.x on
SmartOS.
But I am not using shadow_copy2 so that's probably why I haven't killed
my entire
server yet. Although I do have some weirdness when my ZFS acls deny
access to
some directories. So that might indeed be related.
You may want to create a issue for this on the illumos bugtracker:
https://www.illumos.org/issues
And reference samba's bugzilla and visa versa.
Regards
Jorge
On 2017-10-10 00:41, Brian De Wolf wrote:
We have some file servers running OmniOS that are serving their shares
using Samba rather than the in-kernel server. We recently updated
Samba, experienced crashes, and worked through the problem with Samba
developers [1].
A summary of the problem is that newer versions of Samba use
getwd/getcwd/realpath to track where the Samba process is so that it
can't be tricked into operating in a directory outside of the share's
parent directory. This breaks down on Illumos platforms because getcwd
observes filesystem permissions- if one of the parent directories is
unreadable to the process, the process can no longer call getcwd
successfully. This originally caused the server to panic and
completely die, but even with patches, only certain operations are
available when getcwd is broken (read-only, essentially).
The other main platforms (Linux and FreeBSD) don't have this issue.
Annoyingly, Illumos seems willing to provide this information without
constraints, but only if you readlink("/proc/self/path/cwd") instead.
Is it crazy to ask for getcwd's behavior to be changed? It's
technically allowed by POSIX to fail like this (which I suspect is to
allow for naive implementations that have to walk the filesystem), but
there doesn't seem to be an alternative for a process that wants to
validate its cwd.
Is there something I'm missing that Samba could use instead? I've
played with using LD_PRELOAD to replace getwd/getcwd with reading proc,
but that doesn't feel like a sustainable solution.
[1] https://bugzilla.samba.org/show_bug.cgi?id=13027
------------------------------------------
illumos-discuss
Archives:
https://illumos.topicbox.com/groups/discuss/discussions/T1bf578bf66b8b8b0-Me445e2c05d3faf31b34982d5
Powered by Topicbox: https://topicbox.com
